Bug #13913

Logs full of WARN Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account but it will be ignored

Added by François ARMAND about 1 year ago. Updated 11 months ago.

Status:
Released
Priority:
N/A
Category:
API
Target version:
Severity:
Minor - inconvenience | misleading | easy workaround
User visibility:
Operational - other Techniques | Rudder settings | Plugins
Effort required:
Very Small
Priority:
92
Tags:

Description

I'm not sure if the problem lies in Rudder or in one of user-management/api-authorization plugins, but we get into a situation where any action in Rudder leads to new logs:

WARN  com.normation.rudder.repository.ldap.LDAPEntityMapper - Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account 'admin' [admin], it will be ignored because the account is of type 'user'.

LDAP entry looks like:

dn: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration
apiAccountId: admin
objectClass: apiAccount
objectClass: top
cn: admin
creationTimestamp: 20181023124204.477Z
apiToken: xxxxxxxxxx
apiTokenCreationTimestamp: 20181023124204.477Z
description: API token for user 'admin'
isEnabled: TRUE
apiAccountKind: user
structuralObjectClass: apiAccount
entryUUID: ca12ae10-6b0c-1038-8970-7396c7013d6a
creatorsName: cn=manager,cn=rudder-configuration
createTimestamp: 20181023124204Z
apiAuthorizationKind: rw
entryCSN: 20181024141834.113179Z#000000#000#000000
modifiersName: cn=manager,cn=rudder-configuration
modifyTimestamp: 20181024141834Z
entryDN: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration
subschemaSubentry: cn=Subschema
hasSubordinates: FALSE

So the problem is "apiAuthorizationKind". It may already be there in Rudder 4.3.

The severity is low, and in fact there's little reason for the log level to be "warn". It should be "debug".
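
As an added example (not Rudder's code and not part of the ticket): a Python check that reads an LDIF export of the API accounts branch and lists accounts of kind 'user' that still carry the attributes named in the warning. The sample LDIF is constructed from the entry above; the function names, the second entry and its 'public' kind value are assumptions.

```python
import re

# Constructed sample modelled on the ticket's entry; the second entry and its
# 'public' kind value are assumptions added to show a non-matching account.
SAMPLE_LDIF = """\
dn: apiAccountId=admin,ou=API Accounts,ou=Rudder,cn=rudder-configuration
apiAccountId: admin
objectClass: apiAccount
apiAccountKind: user
apiAuthorizationKind: rw

dn: apiAccountId=ci-bot,ou=API Accounts,ou=Rudder,
 cn=rudder-configuration
objectClass: apiAccount
apiAccountKind: public
apiAuthorizationKind: ro
"""

# Attributes named in the WARN message (compared lower-cased).
IGNORED_FOR_USER = ("apiauthorizationkind", "expirationtimestamp")

def parse_ldif(text):
    """Yield one dict per entry: lower-cased attribute name -> list of values."""
    text = re.sub(r"\r?\n ", "", text)  # unfold LDIF continuation lines
    for block in re.split(r"\n\s*\n", text.strip()):
        entry = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue  # skip comments and anything that is not "attr: value"
            name, _, value = line.partition(":")
            entry.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
        if entry:
            yield entry

def stray_attributes(text):
    """Return {dn: [attributes]} for 'user' API accounts carrying ignored attributes."""
    findings = {}
    for e in parse_ldif(text):
        classes = [c.lower() for c in e.get("objectclass", [])]
        kinds = [k.lower() for k in e.get("apiaccountkind", [])]
        if "apiaccount" in classes and "user" in kinds:
            stray = [a for a in IGNORED_FOR_USER if a in e]
            if stray:
                findings[e["dn"][0]] = stray
    return findings

if __name__ == "__main__":
    for dn, attrs in stray_attributes(SAMPLE_LDIF).items():
        print(f"{dn}: {', '.join(attrs)}")
```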


Subtasks

Bug #14220: Log "Missing API authorizations level kind for token 'admin' with id 'admin'" (Released, Nicolas CHARLES)

Associated revisions

Revision d5a7dca1 (diff)
Added by François ARMAND 11 months ago

Fixes #13913: Logs full of WARN Attribute 'apiAuthorizationKind' or 'expirationTimestamp' is defined for API account but it will be ignored

History

#1

Updated by François ARMAND about 1 year ago

  • Tags set to Sponsored
  • Severity set to Minor - inconvenience | misleading | easy workaround
  • User visibility set to Operational - other Techniques | Rudder settings | Plugins
  • Priority changed from 0 to 65
#2

Updated by François ARMAND about 1 year ago

  • Effort required set to Very Small
  • Priority changed from 65 to 94

It should be really small, most likely the warning for "apiAuthorizationKind" should not be there.

#3

Updated by François ARMAND about 1 year ago

It may be related to #12958 but most likely not.

#4

Updated by François ARMAND about 1 year ago

  • Assignee set to François ARMAND
#5

Updated by Vincent MEMBRÉ 11 months ago

  • Target version changed from 4.3.8 to 4.3.9
  • Priority changed from 94 to 93
#6

Updated by François ARMAND 11 months ago

OK, the problem seems to be that "apiAuthorizationKind" is added, when it should not be, by bootstrap check "CheckApiTokenAutorizationKind".

#7

Updated by François ARMAND 11 months ago

  • Status changed from New to In progress
#8

Updated by François ARMAND 11 months ago

  • Status changed from In progress to Pending technical review
  • Assignee changed from François ARMAND to Vincent MEMBRÉ
  • Pull Request set to https://github.com/Normation/rudder/pull/2111
#9

Updated by François ARMAND 11 months ago

  • Status changed from Pending technical review to Pending release
#10

Updated by Alexis MOUSSET 11 months ago

  • Status changed from Pending release to Released
  • Priority changed from 93 to 92
This bug has been fixed in Rudder 4.3.9 and 5.0.5 which were released today.